As India rushes to go online, it provides fertile ground to hackers

Security researchers are increasingly looking in countries outside the West to discover the newest, most creative and potentially most dangerous types of cyberattacks being deployed.

New York Times | July 03, 2017, 16:44 IST

SAN FRANCISCO: The attack had the hallmarks of something researchers had dreaded for years: malicious software using artificial intelligence that could lead to a new digital arms race in which AI-driven defenses battled AI-driven offenses while humans watched from the sidelines.

But what was not as widely predicted was that one of the earliest instances of that sort of malware was found in India, not in a sophisticated British banking system or a government network in the United States.

Security researchers are increasingly looking in countries outside the West to discover the newest, most creative and potentially most dangerous types of cyberattacks being deployed.

As developing economies rush to go online, they provide a fertile testing ground for hackers trying their skills in an environment where they can evade detection before deploying them against a company or state that has more advanced defenses.

The cyberattack in India used malware that could learn as it was spreading, and altered its methods to stay in the system for as long as possible. Those were "early indicators" of AI, according to the cybersecurity company Darktrace.

Essentially, the malware could figure out its surroundings and mimic the behavior of the system's users, though Darktrace said the firm had found the program before it could do any damage.

At times, these attacks are simply targeting more susceptible victims. While companies in the United States will often employ half a dozen security firms' products as defensive measures, a similar company elsewhere may have just one line of defense — if any.

In the case of attacks carried out by a nation-state, companies in the United States can hope to receive a warning or assistance from the federal government, while companies elsewhere will often be left to fend for themselves.

Cybersecurity experts now speculate that a February 2016 attack on the central bank of Bangladesh, believed to have been carried out by hackers linked to North Korea, was a precursor to similar attacks on banks in Vietnam and Ecuador.

It was an unprecedented form of cyberattack. But since then, the cybersecurity firm Symantec has found the method used against banks in 31 countries.

The malware discovered by Darktrace researchers stopped short of being a full-fledged AI-driven piece of software. It did, however, learn while it was in the system, trying to copy the actions of the network in order to blend in.